Re: md5sum passwords

To: debian-devel@Pixar.com
Subject: Re: md5sum passwords
From: "Andrew D. Fernandes" <adfernan@cnd.mcgill.ca>
Date: Thu, 16 Nov 1995 08:26:38 -0500 (EST)
Message-id: <[🔎] 199511161326.IAA18905@mines.cnd.mcgill.ca>
In-reply-to: <199511160137.BAA08143@shellx.best.com> from "Daniel Quinlan" at Nov 16, 95 01:37:31 am

> A mixed solution may be possible, supplying DES (from both a US and a
> non-US site) to those who require YP support.  I'm still not in favor
> of Debian doing this alone in the Linux community, though.

<sigh>Yep, another "me too" reply...</sigh>

I see quite often, like here at McGill University, what you get quite
often are mixtures of older machines (suns, sgi, etc) and a few people
running linux boxes and wanting to network. Try telling people that
you can't interoperate a linux box on the net, and you seriously
damage linux's credibility.

Also, when it comes to the fixed vs. variable length password issue, I
think compatability should be the key focus, not security. Why? Well,
at an 8 character limit, if we use upper/lower case letters, numbers,
and just a few symbols, we get at *least* 64 possible characters per
password position -> at *least* 6 bits of entropy per character ->
at least 48 bits per password. That's plenty for most installations.

Longer passwords, while they may preclude compatablility with other
systems, are no excuse for not choosing good passwords: "I love
Francesca" may have more than 8 characters, but it certainly is not
more secure than "R8#cjs;)". There are plenty of references on how to
pick good passwords in 8 characters.

Just my 0.02$,
-Andrew. <adfernan@cnd.mcgill.ca>

Reply to:

Follow-Ups:
- Re: md5sum passwords
  - From: karl@tower.com.au (Karl Ferguson)

Prev by Date: Re: Revised resorted bugs list
Next by Date: Re: md5sum passwords
Previous by thread: Re: md5sum passwords
Next by thread: Re: md5sum passwords
Index(es):
- Date
- Thread